A certificate system provides a security framework to ensure that network resources are accessed by authorized users. The certificate system is capable of generating digital certificates for different users to verify the identity of a presenter. The certificate system can include a Certificate Authority (CA) sub-system to issue and revoke certificates. Revoked certificates are certificates that are no longer valid and should no longer be relied upon. A certificate revocation list (CRL) is a list of the revoked certificates and is published by the CA that issued the certificates. A CRL tends to grow rapidly and can include millions of certificates, and the generation of a CRL consumes much of a CA sub-system's resources. Traditionally, a CRL is generated from a database, which is a slow and time-consuming process. Another traditional solution stores all of the revoked certificates in the cache of the CA sub-system and generates CRL from the CA sub-system's cache, which is on average 100 times faster than generating a CRL from a database. However, encoding data from a cache also consumes much of a CA sub-system's resources. A CA sub-system is also busy handling requests to perform other CA management functions, such as to issue, generate, and revoke certificates. The generation of the CRLs and the handling of a large number of CA management requests can greatly burden the CA sub-system resources, and thus, have a negative affect on the performance of a CA sub-system.